help: How to track user session with fastcgi
Yingyuan Cheng
yingyuan at staff.sina.com.cn
Fri Oct 26 05:09:04 MSD 2007
Thank you Maxim Dounin.
Maybe I should consider a 'ngx_http_sessid_module' based on
'ngx_http_userid_module'. Any more advice?
--
yingyuan
Maxim Dounin 写道:
> Hello!
>
> On Thu, 25 Oct 2007, Yingyuan Cheng wrote:
>
>> I want to use nginx as web front, dispatching uri of dynamic content to
>> fastcgi processes. How to track user session in such situation?
>>
>> I reviewed ngx_http_userid_module, which generates new user id if
>> special cookie key not found. But it has some cons:
>>
>> - If this is the first time user visiting site page, nginx can't record
>> user id with just visited page into log file
>
> It can. The uid_set variable contains userid cookie nginx set in
> response, and may be used in log.
>
>> - If the first visited page is generated by a fastcgi process, the
>> fastcgi process can't get user id just generated by
>> ngx_http_userid_module
>
> Yes. The above variable can't be passed to fastcgi backend since
> userid module actual work happens while sending headers to client
> (i.e. after fastcgi request).
>
>> Is there any way to work out? Thanks.
>
> Userid module was designed to track users through http logs for
> statistical purposes, and it solves the problem.
>
> If you want some way to assign session id to user for
> security/external data storage identifier etc (the "sessions" in php's
> meaning) - you should use other means to generate them.
>
> Note: cookies generated by userid module shouldn't be used as security
> identifier, since malicious user can easily guess other user's cookie.
>
>
> Maxim Dounin
>
More information about the nginx
mailing list